CN114614994B - Communication method, device, client and storage medium of API (application program interface) data - Google Patents

Publication number: CN114614994B
Authority: CN (China)
Prior art keywords: interface, data, signature, generate, server
Legal status: Active
Application number: CN202210305851.1A
Other languages: Chinese (zh)
Other versions: CN114614994A (en)
Inventor: 刘功连
Current Assignee: Chery Automobile Co Ltd; Wuhu Lion Automotive Technologies Co Ltd
Original Assignee: Chery Automobile Co Ltd; Wuhu Lion Automotive Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to the technical field of software development, in particular to a communication method, a device, a client and a storage medium of API (application program interface) data, wherein the method comprises the following steps: acquiring interface parameters and request data of an API interface; signing the interface parameters by using a preset signing rule to generate an interface signature; and generating an encryption key according to the token provided by the server, encrypting the request data by using the encryption key, encoding to generate encrypted data, and transmitting the interface signature and the encrypted data to the server, so that the server sequentially decrypts the encrypted data and verifies the signature of the interface signature. Therefore, the problems that in the related art, interface data are easy to tamper during data communication of an API interface, the communication safety is low, the user experience is poor and the like are solved.

Description

Communication method, device, client and storage medium of API (application program interface) data
Technical Field
The present application relates to the field of software development technologies, and in particular, to a method, an apparatus, a client, and a storage medium for communication of API (Application Programming Interface) interface data.
Background
In today's digital internet, with the rapid development of technologies such as big data, cloud computing and artificial intelligence, the internet industry is accelerating innovation. For an enterprise, an API is the most direct way to carry out business cooperation online, and the data security problems related to APIs are increasingly prominent. Leaks of API interface data seriously damage the legal rights and interests of enterprises and users, so security is almost the primary task of an enterprise, and all business must be kept secure. It is therefore important to implement API interface security best practices so that data exchanged between systems is kept in a strictly secured state.
In the related art, RSA encryption is generally adopted to ensure the security and integrity of API interface communication data. However, because the RSA algorithm requires multi-word-length operations such as exponentiation and modular reduction of large integers, encryption and decryption are slow, and it is not suitable for encrypting large amounts of data. Moreover, simple encryption can only prevent eavesdropping on intercepted traffic; it cannot prevent man-in-the-middle impersonation.
Disclosure of Invention
The application provides a communication method, a device, a client and a storage medium of API interface data, which are used for solving the problems that in the related art, the API interface is easy to tamper with interface data during data communication, the communication safety is low, the user experience is poor and the like.
An embodiment of a first aspect of the present application provides a method for communicating API interface data, including the steps of: acquiring interface parameters and request data of an API interface; signing the interface parameters by using a preset signing rule to generate an interface signature; and generating an encryption key according to the token provided by the server, encrypting the request data by using the encryption key, encoding to generate encrypted data, and transmitting the interface signature and the encrypted data to the server, so that the server sequentially decrypts the encrypted data and verifies the interface signature.
Further, signing the interface parameter by using a preset signature rule to generate an interface signature, including: sorting non-null parameters in the interface parameters according to ASCII codes of parameter names, and performing format splicing by using URL key value pairs to generate a first character string; splicing the first character string and the universal secret key provided by the server to generate a second character string; and carrying out hash operation on the second character string, carrying out Base64 format conversion to generate a third character string, and converting all characters in the third character string into uppercase to obtain the interface signature.
Further, the encryption key is an AES encryption key, and the encrypting the request data with the encryption key and encoding to generate encrypted data includes: and encrypting the request data by using the AES encryption key, and performing Base64 format conversion on the encrypted request data to generate the encrypted data.
Further, the sending the interface signature and the encrypted data to a server includes: and transmitting the interface signature and the encrypted data to the server by adopting an HTTPS communication protocol.
Further, the interface parameters include one or more of an application identification, a random string, a transaction serial number, a request timestamp, and an interface code.
An embodiment of the second aspect of the present application provides an API interface data communication apparatus, including: the acquisition module is used for acquiring interface parameters and request data of the API interface; the signature module is used for signing the interface parameters by utilizing a preset signature rule to generate an interface signature; the encryption module is used for generating an encryption key according to the token provided by the server, encrypting the request data by utilizing the encryption key, encoding to generate encrypted data, and sending the interface signature and the encrypted data to the server, so that the server sequentially decrypts the encrypted data and verifies the interface signature.
Further, the signature module is further configured to sort non-null parameters in the interface parameters according to ASCII codes of parameter names, perform format concatenation using URL key value pairs, generate a first string, splice the first string with a universal key provided by a server, generate a second string, perform hash operation on the second string, perform Base64 format conversion, generate a third string, and convert all characters in the third string into uppercase, so as to obtain the interface signature.
Further, the encryption module is further configured to encrypt the request data by using an AES encryption key, perform Base64 format conversion on the encrypted request data, generate the encrypted data, and send the interface signature and the encrypted data to the server by using an HTTPS communication protocol.
An embodiment of a third aspect of the present application provides a client, including: the system comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor executes the program to realize the communication method of the API interface data according to the embodiment.
An embodiment of the fourth aspect of the present application provides a computer-readable storage medium having stored thereon a computer program that is executed by a processor for implementing the method for communication of API interface data as described in the above embodiment.
Therefore, the application has at least the following beneficial effects:
All interface parameters can be signed according to an agreed rule; using the interface signature prevents interface data from being forged or tampered with and prevents the interface from being called repeatedly. The request content is also encrypted and encoded, which effectively prevents tampering with interface data, improves the security of interface data communication, and improves the user experience. Therefore, the technical problems that in the related art, interface data are easy to tamper with during data communication of an API interface, the communication security is low, the user experience is poor and the like are solved.
Additional aspects and advantages of the application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the application.
Drawings
The foregoing and/or additional aspects and advantages of the application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flow chart of a method for communicating API interface data according to an embodiment of the present application;
Fig. 2 is a schematic diagram illustrating an encryption method of interface parameters according to an embodiment of the present application;
Fig. 3 is an exemplary diagram of an application scenario of a method for communicating API interface data according to an embodiment of the present application;
Fig. 4 is a block diagram of a communication device of API interface data according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a client according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative and intended to explain the present application and should not be construed as limiting the application.
An open API interface that has not been secured carries many risks because its traffic is in plaintext. For example, anyone who captures packets from a web page can see exactly what data a request retrieves, and can then forge requests to tamper with data or attack the server. The resulting losses to the company and its customers are irreparable, so the security of API interface data must be ensured.
In the related art, RSA encryption is mainly adopted to ensure the security and integrity of data. However, in the related art, interface data are still easy to tamper with during data communication of an API interface, the communication security is low, and the user experience is poor. Therefore, the embodiment of the application provides a communication method, a device, a client and a storage medium of API interface data, which prevent tampering and impersonation, keep users' sensitive information from being leaked or attacked, ensure that interface data cannot be tampered with, ensure the legitimacy of the request's source identity, and guarantee the uniqueness of each request.
The following describes a communication method, a device, a client and a storage medium of API interface data according to an embodiment of the present application with reference to the accompanying drawings. Specifically, fig. 1 is a flow chart of a method for communicating API interface data according to an embodiment of the present application.
As shown in fig. 1, the communication method of the API interface data includes the following steps:
In step S101, interface parameters of the API interface and request data are acquired.
The interface parameters comprise one or more of application identification, random character strings, transaction serial numbers, request time stamps and interface codes; the request data refers to a service request data body.
It should be noted that the interface parameters and the request data all belong to the request message parameters. The request message parameters include: application identification (appId), random string (randomstr), transaction serial number (transationid), request timestamp (timestamp), interface code (apiCode), data signature (sign), and service request data (body), and are converted to a JSON-format string. The application identifier can be 18 characters; the random string can be 32 characters made up of a combination of letters and numbers; the transaction serial number can be 40 characters and is generated by the App end according to the rule: 18-character appId + YYYYMMDDHHMISS + 8-digit serial number; the request timestamp format is: YYYYMMDDHHMISSSSS.
It can be understood that the execution body of the method of the embodiment of the present application is a client, so that when communicating with a server, the client collects interface parameters and request data.
In step S102, the interface parameter is signed by using a preset signature rule, and an interface signature is generated.
It can be understood that the interface provider and the interface caller agree on a unified signature rule, and the client generates a signature sign according to a certain rule by using all request parameters, so that interface data is prevented from being falsified and the interface is prevented from being repeatedly called by using the interface signature.
The server provides an application identifier and a universal key (secretKey), and the client can sign the parameters using the values provided by the server. The related code is as follows:
(1) Set the application identifier parameter: requestBase.setAppId(appId);
(2) Set the timestamp format:
String timestamp = "20220224142900"; requestBase.setTimestamp(timestamp + "001");
(3) Set the serial number composition:
String transationid = appId + timestamp + "15146935";
(4) Generate a random string:
requestBase.setRandomstr("ycjlkyt04c5qn2t5zbbeidrwlnqseb8d");
(5) Generate the JSON-format body:
requestBase.setBody(JsonUtil.writeValueAsString(genRequestBody()));
(6) Set the interface code: requestBase.setApiCode("v3/ant");
(7) Add the signature to the parameters:
requestBase.setSign(SignUtil.generateSign(requestBase, secretKey));
(8) Generate the sign signature content:
SHA256 operation: sign = SHA256(stb.toString().getBytes(CHARSET_UTF8)).
In the embodiment of the application, the interface parameter is signed by utilizing the preset signature rule to generate the interface signature, which comprises the following steps: sorting non-null parameters in the interface parameters according to ASCII codes of parameter names, and performing format splicing by using URL key value pairs to generate a first character string; splicing the first character string and the universal secret key provided by the server to generate a second character string; and carrying out hash operation on the second character string, carrying out Base64 format conversion to generate a third character string, and converting all characters in the third character string into uppercase to obtain an interface signature.
The first character string may be stringA, the second character string may be stringSignTemp, and the third character string may be a Base64 format character string.
Specifically, as shown in fig. 2, the sign encryption method in the interface parameters is as follows:
1. The signature algorithm uses SHA256;
2. both the service side and the consumer side need to verify the signature;
3. signature generation:
In the first step, let the set of all data sent or received be M1. The parameters in M1 whose values are non-null are sorted by parameter name in ascending ASCII (lexicographic) order and spliced into a character string stringA using the URL key-value pair format (i.e., key1=value1&key2=value2…).
Pay particular attention to the following important rules:
(1) Parameter names are sorted by ASCII code from small to large (lexicographic order);
(2) If the value of a parameter is null, it does not participate in the signature;
(3) Parameter names are case-sensitive;
(4) When a returned signature is verified, the transmitted sign parameter does not participate in the signature; the generated signature is checked against the sign value;
(5) The TSP interface may add fields, and added fields must be supported when verifying the signature.
In the second step, secretKey is appended to the end of stringA to obtain the string stringSignTemp; the SHA256 operation is performed on stringSignTemp, the result is output as a Base64-format string, and all characters of that string are converted to uppercase to obtain the sign value signValue.
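The two signing steps and the receiver-side check described above, worked through in Python as an added example (not code from the patent). It assumes the key is appended directly to stringA with no separator, that an empty string counts as null, and that Base64 is applied to the raw SHA-256 digest; the appId, secret key and body values are constructed.

```python
import base64
import hashlib
import hmac

SIGN_FIELD = "sign"  # the transmitted signature never takes part in signing


def build_string_a(params):
    """Step 1: non-null parameters sorted by name, joined as key=value pairs."""
    pairs = []
    # sorted() on str compares code points, which is ASCII order for ASCII
    # names and therefore case-sensitive: "B" (0x42) sorts before "a" (0x61).
    for name in sorted(params):
        value = params[name]
        if name == SIGN_FIELD:
            continue  # excluded so sender and receiver hash the same string
        if value is None or value == "":
            continue  # assumption: an empty string is treated like null
        pairs.append(f"{name}={value}")
    return "&".join(pairs)


def generate_sign(params, secret_key):
    """Step 2: SHA-256 over stringA + secretKey, Base64, then uppercase."""
    # Assumption: the key is appended directly, with no separator.
    string_sign_temp = build_string_a(params) + secret_key
    digest = hashlib.sha256(string_sign_temp.encode("utf-8")).digest()
    # Assumption: Base64 is applied to the raw 32-byte digest.
    # Uppercasing Base64 is lossy, so the value cannot be decoded back to the
    # digest; both sides must compare the uppercased strings.
    return base64.b64encode(digest).decode("ascii").upper()


def verify_sign(params, secret_key):
    """Receiver side: recompute over everything except sign and compare."""
    received = params.get(SIGN_FIELD)
    if not isinstance(received, str) or not received:
        return False
    expected = generate_sign(params, secret_key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8"))


def sample_request():
    """Constructed request using the field names and formats from the page."""
    app_id = "100000000000000001"  # constructed 18-character appId
    timestamp = "20220224142900"
    return {
        "appId": app_id,
        "randomstr": "ycjlkyt04c5qn2t5zbbeidrwlnqseb8d",
        "transationid": app_id + timestamp + "15146935",  # 18 + 14 + 8 = 40
        "timestamp": timestamp + "001",
        "apiCode": "v3/ant",
        "body": '{"orderNo":"CONSTRUCTED-0001"}',  # constructed payload
        "sign": None,
    }


SECRET_KEY = "constructed-secret-key"  # placeholder, not a value from the page


def demo():
    request = sample_request()
    request["sign"] = generate_sign(request, SECRET_KEY)
    tampered = dict(request, apiCode="v3/other")  # changed after signing
    return {
        "string_a": build_string_a(request),
        "sign": request["sign"],
        "valid": verify_sign(request, SECRET_KEY),
        "tampered_valid": verify_sign(tampered, SECRET_KEY),
        "wrong_key_valid": verify_sign(request, "some-other-key"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
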
In step S103, an encryption key is generated according to the token provided by the server, the request data is encrypted by using the encryption key, the encrypted data is encoded, and the interface signature and the encrypted data are sent to the server, so that the server sequentially decrypts the encrypted data and verifies the interface signature.
It can be understood that the embodiment of the application can encrypt the body content, and then perform encoding and decoding conversion after encrypting, so that even if the body content is stolen, the body content is difficult to crack in effective time, thereby effectively improving the safety of interface data communication.
In the embodiment of the present application, the encryption key is an AES encryption key, and the encryption key is used to encrypt the request data and encode the request data to generate encrypted data, including: and encrypting the request data by using the AES encryption key, and performing Base64 format conversion on the encrypted request data to generate encrypted data.
It will be appreciated that embodiments of the present application may encrypt using the AES encryption algorithm and encode using Base64. Specifically, the interface provider and the interface caller agree on an encryption and decryption algorithm; after the signature sign is generated, the value of body is encrypted with AES128 for transmission, the AES-encrypted value is Base64-encoded and output, and the AES key is updated periodically through the interface.
As shown in fig. 3, the client acquires a token to use as the AES encryption key and encrypts the body content. The related code is as follows:
Acquire the token, which returns: AESKEY = "D0v5NMeWdQFJibnkjlMYnVn9X44ZuQz1";
Use the AES encryption algorithm:
KeyGenerator keyGenerator = KeyGenerator.getInstance(AES); byte[] raw = secretKey.getEncoded(); SecretKey key = new SecretKeySpec(raw, AES);
Base64-encode the output:
BASE64Encoder base64Encoder = new BASE64Encoder(); String encript = base64Encoder.encode(encrypted);
In an embodiment of the present application, sending interface signature and encrypted data to a server includes: the interface signature and encrypted data are sent to the server using HTTPS communication protocol.
It can be understood that, to prevent man-in-the-middle attacks, the embodiment of the application can use HTTPS instead of HTTP so as to avoid data leakage during network transmission as far as possible. The HTTPS communication protocol prevents data from being transmitted in plaintext, so the SSL protocol of HTTPS is used to ensure the security of network transmission.
According to the above embodiment, as shown in fig. 3, the client may sign the parameters according to the agreed signature rules, obtain the token, encrypt the body content, and send the encrypted body content to the server. The server decrypts and verifies the signature in the following manner:
1. After receiving the request, the server decrypts it; if AES decryption fails, the server returns an AES decryption failure and asks the client to check whether the encryption algorithm matches the original text;
2. If decryption succeeds, the validity of the message signature is verified;
3. If signature verification fails, the server returns: signature verification failed;
4. If signature verification succeeds, the service data is processed and returned to the client.
According to the communication method of the API interface data provided by the embodiment of the application, all interface parameters can be signed according to an agreed rule; using the interface signature prevents interface data from being forged or tampered with and prevents the interface from being called repeatedly. The request content is also encrypted and encoded, which effectively prevents tampering with interface data, improves the security of interface data communication, and improves the user experience.
Next, a communication device of API interface data according to an embodiment of the present application will be described with reference to the accompanying drawings.
Fig. 4 is a block diagram of a communication device of API interface data according to an embodiment of the present application.
As shown in fig. 4, the API interface data communication apparatus 10 includes: an acquisition module 100, a signature module 200 and an encryption module 300.
The acquiring module 100 is configured to acquire interface parameters and request data of an API interface; the signature module 200 is used for signing the interface parameters by using a preset signature rule to generate an interface signature; the encryption module 300 is configured to generate an encryption key according to a token provided by the server, encrypt the request data with the encryption key, encode the request data to generate encrypted data, and send the interface signature and the encrypted data to the server, so that the server sequentially decrypts the encrypted data and verifies the interface signature.
In the embodiment of the present application, the signature module 200 is further configured to sort non-null parameters in the interface parameters according to ASCII codes of the parameter names, perform format concatenation using URL key value pairs, generate a first string, splice the first string with a universal key provided by the server, generate a second string, perform hash operation on the second string, perform Base64 format conversion, generate a third string, and convert all characters in the third string into uppercase, so as to obtain the interface signature.
In the embodiment of the present application, the encryption module 300 is further configured to encrypt the request data by using the AES encryption key, perform Base64 format conversion on the encrypted request data, generate encrypted data, and send the interface signature and the encrypted data to the server by using the HTTPS communication protocol.
It should be noted that the foregoing explanation of the embodiment of the method for communicating API interface data is also applicable to the device for communicating API interface data of this embodiment, and will not be repeated here.
According to the communication device of the API interface data provided by the embodiment of the application, all interface parameters can be signed according to an agreed rule; using the interface signature prevents interface data from being forged or tampered with and prevents the interface from being called repeatedly. The request content is also encrypted and encoded, which effectively prevents tampering with interface data, improves the security of interface data communication, and improves the user experience.
Fig. 5 is a schematic structural diagram of a client according to an embodiment of the present application. The client may include:
Memory 501, processor 502, and a computer program stored on memory 501 and executable on processor 502.
The processor 502 implements the communication method of API interface data provided in the above-described embodiment when executing a program.
Further, the client further includes:
a communication interface 503 for communication between the memory 501 and the processor 502.
Memory 501 for storing a computer program executable on processor 502.
The memory 501 may include high-speed RAM (Random Access Memory) memory, and may also include non-volatile memory, such as at least one disk memory.
If the memory 501, the processor 502, and the communication interface 503 are implemented independently, the communication interface 503, the memory 501, and the processor 502 may be connected to each other via a bus and communicate with each other. The bus may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, or an EISA (Extended Industry Standard Architecture) bus, among others. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, only one thick line is shown in fig. 5, but this does not mean that there is only one bus or one type of bus.
Alternatively, in a specific implementation, if the memory 501, the processor 502, and the communication interface 503 are integrated on a chip, the memory 501, the processor 502, and the communication interface 503 may perform communication with each other through internal interfaces.
The processor 502 may be a CPU (Central Processing Unit), an ASIC (Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present application.
The embodiment of the present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method for communicating API interface data as described above.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or N embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined and combined by those skilled in the art without contradiction.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present application, "N" means at least two, for example, two, three, etc., unless specifically defined otherwise.
Any process or method description in a flow chart, or otherwise described herein, may be understood as representing a module, segment, or portion of code that includes one or N executable instructions for implementing specific logical functions or steps of the process. The scope of the preferred embodiments of the present application also includes further implementations in which functions are executed out of the order shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those skilled in the art to which the embodiments of the present application belong.
It is to be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the N steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques, which are well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits having suitable combinational logic gates, programmable gate arrays, field programmable gate arrays, and the like.
Those of ordinary skill in the art will appreciate that all or a portion of the steps of the methods in the above-described embodiments may be implemented by a program instructing related hardware. The program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.

Claims (8)

1. A method for communicating API interface data, comprising the steps of:
acquiring interface parameters and request data of an API interface;
signing the interface parameters by using a preset signing rule to generate an interface signature; and
generating an encryption key according to a token provided by a server, encrypting the request data by using the encryption key, encoding to generate encrypted data, and transmitting the interface signature and the encrypted data to the server, so that the server sequentially decrypts the encrypted data and verifies the interface signature;
wherein the signing of the interface parameters by using a preset signing rule to generate an interface signature comprises: sorting the non-null parameters in the interface parameters according to the ASCII codes of the parameter names, and splicing them in URL key-value pair format to generate a first character string; splicing the first character string and the universal secret key provided by the server to generate a second character string; and performing a hash operation on the second character string, performing Base64 format conversion to generate a third character string, and converting all characters in the third character string into uppercase to obtain the interface signature.
2. The method of claim 1, wherein the encryption key is an AES encryption key, wherein encrypting the request data with the encryption key and encoding to generate encrypted data comprises:
encrypting the request data by using the AES encryption key, and performing Base64 format conversion on the encrypted request data to generate the encrypted data.
3. The method of claim 1, wherein said sending the interface signature and the encrypted data to a server comprises:
transmitting the interface signature and the encrypted data to the server by adopting an HTTPS communication protocol.
4. A method according to any of claims 1-3, wherein the interface parameters include one or more of an application identification, a random string, a transaction serial number, a request timestamp, and an interface code.
5. An API interface data communication apparatus, comprising:
an acquisition module, used for acquiring interface parameters and request data of the API interface;
a signature module, used for signing the interface parameters by utilizing a preset signature rule to generate an interface signature; and
an encryption module, used for generating an encryption key according to the token provided by the server, encrypting the request data by utilizing the encryption key, encoding to generate encrypted data, and transmitting the interface signature and the encrypted data to the server, so that the server sequentially decrypts the encrypted data and verifies the interface signature;
wherein the signature module is further configured to: sort the non-null parameters in the interface parameters according to the ASCII codes of the parameter names, splice them in URL key-value pair format to generate a first character string, splice the first character string and a universal key provided by the server to generate a second character string, perform a hash operation on the second character string, perform Base64 format conversion to generate a third character string, and convert all characters in the third character string into uppercase to obtain the interface signature.
6. The apparatus of claim 5, wherein the encryption module is further configured to encrypt the request data using an AES encryption key, perform Base64 format conversion on the encrypted request data to generate the encrypted data, and send the interface signature and the encrypted data to the server using an HTTPS communication protocol.
7. A client, comprising: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor executing the program to implement the method of communicating API interface data according to any one of claims 1-4.
8. A computer-readable storage medium having stored thereon a computer program, wherein the program is executed by a processor for implementing the method of communication of API interface data according to any of claims 1-4.
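The signature rule recited in claims 1 and 5, together with the server-side check, as an added example that is not part of the patent text. The claims do not fix the hash function, the splice format for the universal key, or the parameter names, so SHA-256, the `&key=` joiner, the treatment of empty strings as null, and every name and value below are assumptions.

```python
import base64
import hashlib
import hmac


def first_string(params):
    """Sort non-null parameters by name (ASCII order) and join them as k=v&k=v."""
    # Assumption: None and the empty string both count as "null" and are dropped.
    items = sorted((k, str(v)) for k, v in params.items() if v not in (None, ""))
    return "&".join(f"{k}={v}" for k, v in items)


def interface_signature(params, universal_key):
    """First string -> append key -> hash -> Base64 -> uppercase."""
    second = first_string(params) + "&key=" + universal_key   # assumed splice format
    digest = hashlib.sha256(second.encode("utf-8")).digest()  # assumed hash function
    third = base64.b64encode(digest).decode("ascii")
    # upper() is lossy because Base64 is case-sensitive: the result can no longer
    # be decoded, so a verifier has to recompute the value and compare strings.
    return third.upper()


def verify(params, universal_key, received):
    """Server side: recompute the signature and compare in constant time."""
    expected = interface_signature(params, universal_key)
    return hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8"))


# Constructed sample request using the parameter kinds listed in claim 4.
SAMPLE_KEY = "constructed-universal-key"
SAMPLE = {
    "timestamp": "1648200000",
    "appId": "demo-app",
    "serialNo": "T0000001",
    "nonceStr": "k3j9x2",
    "apiCode": "vehicle.status",
    "remark": None,  # null parameter: excluded from the signed string
}

if __name__ == "__main__":
    print(first_string(SAMPLE))
    sig = interface_signature(SAMPLE, SAMPLE_KEY)
    print(sig, verify(SAMPLE, SAMPLE_KEY, sig))
```

Only the interface parameters enter the signed string, so the request data is covered by the encryption step alone and not by this signature.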
CN202210305851.1A 2022-03-25 2022-03-25 Communication method, device, client and storage medium of API (application program interface) data Active CN114614994B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210305851.1A CN114614994B (en) 2022-03-25 2022-03-25 Communication method, device, client and storage medium of API (application program interface) data

Publications (2)

Publication Number Publication Date
CN114614994A (en) 2022-06-10
CN114614994B (en) 2024-05-10

Family

ID=81866186

Country Status (1)

Country Link
CN (1) CN114614994B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant